package org.zebra.satoken.security;

import cn.dev33.satoken.context.SaHolder;
import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.same.SaSameUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.extra.spring.SpringUtil;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 支持 satoken rpc同源策略
 *
 * @author zhanghongbin
 */
class SecuritySaInterceptor extends SaInterceptor {

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
            throws Exception {
        String token = SaHolder.getRequest().getHeader(SaSameUtil.SAME_TOKEN);
        if (StrUtil.isEmpty(token)) {
            return super.preHandle(request, response, handler);
        }
        SaSameUtil.checkToken(token);
        SpringUtil.getApplicationContext().publishEvent(AccessType.RPC);
        return true;
    }
}
